Healthcare security and data sanitization: what do they have in common?

The healthcare industry is getting ready for security threats. Lee Kim, HIMSS privacy and security director, found that many respondents to their survey were busy with testing preparation, CISO hiring, and threat management programs. On the other hand, the industry still underestimated data sanitization.

The numbers are more illustrative: 60 percent of 126 IT specialists have already hired an information security leader. Hospitals and systems with CISOs use NIST-like frameworks, diligently buy security products and hold security training. 75 percent of the surveyed establishments have threat management programs and regularly conduct penetration testing. 85 percent assess risks at least once a year.

In the recent survey, though, 64 percent of IT specialists gave an incorrect answer when asked what the term meant. Many mistakenly believe that a factory reset and reformatting hard drives are enough to securely clear data.

The top security priorities include incident response, cloud and website security, business continuity and disaster recovery, and risk management.

While the healthcare sector is growing more concerned with security issues, it still underestimates data sanitization, and that can lead to a data breach. The International Data Sanitization Consortium (IDSC), a group of security experts, is going to improve the situation with education and guidance. According to the group, permanently and irreversibly removing old data from equipment such as wearables or medical devices will take security up a notch.

Paul Henry, a security expert and IDSC member, says that data wiping is a step toward proper sanitization. Wiping means “to overwrite data in an unallocated space on the hard drive” so that it becomes non-recoverable. Another way to sanitize a file, as defined by Henry, is to delete sensitive data from a classified document or message, so that the document can be shared at a lower classification level.

The main goal of the IDSC group is to make the term data sanitization clear to a broad audience and to demonstrate its importance and necessity in covering one of the possible data vulnerabilities. We hope they’ll manage to accomplish this and will gladly use the results of their undertaking.